Try using secure method to prevent session hijacking Attack. Session Id should change/get refreshed evert time user get login and log out. WordPress doesn’t use PHP sessions, and doesn’t have a static session ID. You must be using a plugin or theme that is. login credentials should be encrypted at code level. WordPress’ login credentials … Read more
My process for cleaning a hacked site includes changing all credentials (user/pass) on hosting, FTP, WP (don’t use an admin-level user called ‘admin’) updating everything- from the repository – WP, themes, plugins. Remove old/unused plugins and themes use FTP of file manager to check every folder for files that look out of place (look at … Read more
If you have SSH access and WP-CLI is installed you can try running wp core verify-checksums to see if any Core files have been modified.
Codex recommends adding HTTP authentication as additional layer of protection. Strictly speaking it doesn’t rely on WP and keeping things independent is not a bad idea in context of security.
Read here about _moz_dirty (Using Google would have given you the same answer – 2nd Result for “_moz_dirty”). Regarding html-stuff: You’re offering the ability to add links…
The web installer writes configuration data into that file. It needs write access for that. I don’t think this was your backdoor. There was probably a plugin or an old theme with timthumb that had a vulnerability.
The best way to understand wordpress is to work with it and then use the WordPress CODEX to understand core functions. That said there are a few tools that many WordPress Developers use: A code editor with search and find functionality that will traverse all the files in your installation. I use Coda. Almost any … Read more
Well to say that these custom fields are insecure in the wp core tables is to say that the usernames and passwords are also insecure, along with any private or password protected posts. As long as you are not outputting these custom fields anywhere but a secure page for logged in, paid up users, no … Read more
Nice job recovering your password, however, the exploit probably still exists so you might get hacked again. Your next step is to find and seal up the security hole. It could be a plugin. It could be a theme. Download and run the Sucuri plugin to help you figure it out.
Check permissions on all WP folders. Check the htaccess file. Delete any unknown files throughout your hosting area. (Carefully.) Change all of your hosting passwords (including FTP accounts; delete any you don’t know). Strong passwords! Reinstall WP (from your admin – Dashboard, Updates). Reinstall all themes (deactivate, uninstall, reinstall, reactivate). Same for plugins (although header.php … Read more